How to Restrict Facebook's Access to Your Phone Number

By
Chloe AlbanesiusMarch 4, 2019, 9:50 p.m.

Once Facebook has scraped your phone number, you can't delete it from the social network's database. And other people can use it to look you up on Facebook. The best you can do is to limit who can find you via this phone number to just your friends. Here's how.

(sergey causelove/shutterstock.com)

Facebook is once again dealing with a privacy headache surrounding its collection of people's phone numbers.

As TechCrunch reported this weekend, the social network has a vast trove of phone numbers in its database, some of which are associated with internet users who aren't even on Facebook. It comes by these numbers in a variety of ways—your mobile phone or tablet; your carrier; a number that you entered previously but didn't confirm; and contact info provided by others on Facebook.

The trouble is, once Facebook has scraped your phone number, you can't delete it from the social network's database. And other people can use it to look you up on Facebook. The best existing Facebook users can do is to limit who can find them via this phone number to just friends. Here's how.

On the mobile app, tap the hamburger icon () and select Settings & Privacy > Settings > Privacy Settings. Scroll down to How People Can Find and Contact You, and look for "Who can look you up using the phone number you provided?"

Tap that, and you'll have the option for Everyone, Friends of friends, or Friends.

According to TechCrunch, the default setting is Everyone, which is likely unwelcome news for the privacy-conscious. Facebook tells TechCrunch it made this the default because it "makes it easier to find people you know but aren't yet friends with." Your best course of action here is to select Friends, which restricts access only to the people with whom you are friends on Facebook.

On the desktop, the process is similar. Select Settings > Privacy. Under How People Can Find and Contact You, look for "Who can look you up using the phone number you provided?" and click Edit on the right. In the drop-down menu, select Friends.

Limit Your Contact Info

As mentioned above, one way Facebook gathers phone numbers is by scanning people's contact lists to help them connect with friends on Facebook. We've all been there; you create an account on a new service, and in a bid to find people to follow, you provide the service with access to your contacts.

That's nice, but it also means that even if you actively avoid Facebook over privacy concerns, any rando with your phone number in their contacts list could possibly upload it to Facebook when signing up for the service. Facebook also has a setting that lets people continuously upload their contacts in order to surface new people to follow. Do you have that activated on your account? Let's find out.

On the mobile app, tap the hamburger menu and select Settings & Privacy > Settings and scroll down to Media and Contacts.

On Android, tap Media and Contacts and make sure Continuous Contacts Upload is toggled to off.

On iOS, tap Upload Contacts and make sure Upload Contacts is toggled off.

Use an Authenticator for 2FA

This isn't the first phone number-related uproar for Facebook. Last fall, Gizmodo reported that mobile numbers submitted to Facebook for the purposes of two-factor authentication (2FA), as well as contact information pulled from friends' address books, are used to target ads.

It turns out that Facebook lets advertisers upload information about people they want to target, including phone numbers and email addresses. If Facebook has that info in its system, the ad goes out.

So, as you can see, it's very difficult to avoid giving Facebook your phone number when everyone from advertisers to high school besties can upload it to the social network with a few taps. But you can try. And in this instance, you can use an Authenticator app for 2FA approval instead of your phone number, an option Facebook rolled out in May.

As a refresher, 2FA is a security option that requires two forms of authentication when you sign into an account—usually your password and a code sent to your phone via text or an authenticator app. To set it up on Facebook, go to Settings > Security and Login and look for two-factor authentication. There you can opt how to get your secondary login.

If you opt for an authenticator app, you'll have to download one. I use Google Authenticator (Android, iOS) but you can use whatever you prefer. To add Facebook, open the authenticator app, tap to add a new account, and either scan a QR code or enter a code provided by Facebook. Then, when you log in, you enter your Facebook password and then open the app to retrieve a six-digit code that changes every 30 seconds.

If you are currently using a phone number for Facebook 2FA and want to switch to an Authenticator, you can do that easily. But to remove your phone number, at least in theory, you'll have to turn 2FA off and add it back with just an authenticator. On desktop, navigate to Settings > Security & Login and click "Edit" next to Use two-factor authentication.

Under "Added Security," click to remove your phone number. A pop-up will tell you that doing so turns off 2FA. Click OK and then navigate back to settings to set up 2FA once again.

About the Author

Chloe Albanesius has been with PCMag.com since April 2007, most recently as Executive Editor for News and Features. Prior to that, she worked for a year covering financial IT on Wall Street for Incisive Media. From 2002 to 2005, Chloe covered technology policy for The National Journal's Technology Daily in Washington, DC. She has held internships at NBC's Meet the Press, washingtonpost.com, the Tate Gallery press office in London, Roll Call, and Congressional Quarterly. She graduated with a bachelor's degree in journalism from American University in Washington, D.C. See Full Bio